Rahul Sundaram wrote: > Hi, > > > Summary: > > SELinux is preventing npviewer.bin (nsplugin_t) "getattr" to /dev/dri/card0 > (dri_device_t). > > Detailed Description: > > SELinux denied access requested by npviewer.bin. It is not expected that > this > access is required by npviewer.bin and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration > of the > application is causing it to require additional access. > > Allowing Access: > > Sometimes labeling problems can cause SELinux denials. You could try to > restore > the default system file context for /dev/dri/card0, > > restorecon -v '/dev/dri/card0' > > If this does not work, there is currently no automatic way to allow this > access. > Instead, you can generate a local policy module to allow this access - > see FAQ > (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. > Please file a bug report > (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) > against this package. > > Additional Information: > > Source Context unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c102 > 3 > Target Context system_u:object_r:dri_device_t:s0 > Target Objects /dev/dri/card0 [ chr_file ] > Source npviewer.bin > Source Path /usr/lib/nspluginwrapper/npviewer.bin > Port <Unknown> > Host localhost.localdomain > Source RPM Packages nspluginwrapper-1.1.0-5.fc10 > Target RPM Packages > Policy RPM selinux-policy-3.5.1-4.fc10 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name catchall_file > Host Name localhost.localdomain > Platform Linux localhost.localdomain > 2.6.27-0.244.rc2.git1.fc10.i686 #1 SMP Fri > Aug 8 > 13:26:20 EDT 2008 i686 i686 > Alert Count 200 > First Seen Wed 13 Aug 2008 12:46:15 AM IST > Last Seen Wed 13 Aug 2008 02:22:02 AM IST > Local ID de968e68-bfda-46a2-b7bb-624dd3967d16 > Line Numbers > > Raw Audit Messages > > host=localhost.localdomain type=AVC msg=audit(1218574322.776:773): avc: > denied { getattr } for pid=12887 comm="npviewer.bin" > path="/dev/dri/card0" dev=tmpfs ino=9434 > scontext=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file > > host=localhost.localdomain type=SYSCALL msg=audit(1218574322.776:773): > arch=40000003 syscall=195 success=no exit=-13 a0=bfccaed4 a1=bfccae60 > a2=6c7ff4 a3=32 items=0 ppid=14557 pid=12887 auid=500 uid=500 gid=500 > euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=1 > comm="npviewer.bin" exe="/usr/lib/nspluginwrapper/npviewer.bin" > subj=unconfined_u:unconfined_r:nsplugin_t:s0-s0:c0.c1023 key=(null) > > Rahul > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Do you think it will need to read/write this device? -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
